[Pkg-net-snmp-devel] potential security issue
Steffen Joeris
steffen.joeris at skolelinux.de
Sun Feb 22 10:26:26 UTC 2009
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for net-snmp.
CVE-2008-6123[0]:
| The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp
| 5.0.9 through 5.4.2, when using TCP wrappers for client authorization,
| does not properly parse hosts.allow rules, which allows remote
| attackers to bypass intended access restrictions and execute SNMP
| queries, related to "source/destination IP address confusion."
Could you please check, if this affects the debian net-snmp versions and get
back to me?
Cheers
Steffen
More information about the Pkg-net-snmp-devel
mailing list